Single AD object synchronization to multiple Azure AD tenants and free/busy

Anonymous
2022-07-08T05:24:30.24+00:00

We have a single Active Directory domain and two email domains. Users are split into two Organizational Units based on UPN/email domain and synchronized through two Azure AD Connect servers to separate Azure AD tenants.

On the Exchange side, based on the September 2020 update to the Hybrid Configuration Wizard, we have configured a single on-premises two-tenant hybrid.

However, we have come across a challenge in how to make shared resources (meeting rooms, equipment, car parks) available to users in both tenants. Shared resources are still on premises.

Here is what we did:

  1. We placed a couple of shared resource objects in a new OU and synchronized that OU through both Azure AD Connect instances.
  2. We found that the object shows up in the address book of Exchange Online users in both tenants.
  3. However, the free/busy information is only visible from one tenant.
  4. So, we added an alias/proxy/secondary address to the shared resource with a verified domain of the tenant from which the free/busy is not visible, and voilà, it starts working.

So, the following are my questions:

  1. Is this a supported configuration for identity synchronization?
  2. Is this a supported configuration for free/busy?
  3. What are the possible challenges that may occur in future?

Accepted answer
  1. KyleXu-MSFT 26,396 Reputation points
    2022-07-11T01:39:00.667+00:00

    @Anonymous

    One AD account is only supported to sync with one AAD.

    I would suggest you migrate the room mailbox to one of the tenants, then do cross-tenant free/busy sharing: September 2020 Hybrid Configuration Wizard Update

    But if your current configuration works, you can continue to use it, although it is not supported. You could modify it when you find an issue with it.



1 additional answer

  1. ITGuySoCal 11 Reputation points
    2022-07-10T07:07:11.5+00:00

    Syncing the same object to two separate tenants is not supported according to the supported topology documentation here:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

    However, according to this same documentation page, it says you can use FIM 2010 or MIM 2016 on-premises to sync objects (via GALSync) between two Exchange organizations. The shared objects in one organization appear as foreign users/contacts in the other organization. These different on-premises Active Directory instances can then be synchronized with their own Azure AD tenants. @David Lundell or @David Lundell can confirm.

